In a recent interview, NHL Chief Information Security Officer David Munroe emphasized the importance of purpose-built and developer-informed cloud security that aligns with business use cases to prevent friction within organizations. Munroe highlighted the NHL’s utilization of cloud services for flexible needs such as broadcast distribution, where viewer load can vary unpredictably. However, he noted that certain compute-intensive or -sensitive workloads, such as AI model training or data-intensive analysis, still take place within the NHL’s on-premises data centers.
According to Munroe, tooling, governance, and visibility should be integrated into the initial design of any cloud deployment to ensure security and efficiency. He cautioned against applying traditional security measures to the cloud, as this may hinder the speed, usability, and scalability that cloud environments are designed to deliver. Instead, Munroe emphasized the importance of tailoring security measures to meet the specific needs of users, developers, and infrastructure within the organization.
During an audio interview with Information Security Media Group at Palo Alto Networks’ Ignite on Tour – New York, Munroe also touched upon several key topics, including the unique cybersecurity challenges and threats faced by the NHL, the cost tradeoffs between cloud and physical data centers, and the specific issues related to public access within the NHL.
Munroe brings a wealth of experience to his role as NHL CISO, having started his technology career in 1994 by founding one of the first commercial internet service providers. He has witnessed firsthand the exponential growth of the internet and the emergence of InfoSec threats associated with it. Prior to joining the NHL in 2015, Munroe spent a decade at Sony Music, where he played a pivotal role in establishing the global information security team.
In summary, Munroe’s insights shed light on the evolving landscape of cloud security and the importance of integrating security measures that are tailored to the specific needs and functionalities of organizations. By adopting purpose-built and developer-informed security practices, companies can enhance their overall cybersecurity posture while leveraging the benefits of cloud technology to drive innovation and growth.